client.py 1.9 KiB
#!/opt/gvenv/venv_csui/bin/python3
import logging
import requests
from requests import Response, Request
from pprint import pformat
from json import dumps as json_dumps
from datetime import datetime
import time
import sys
import hvac
from library.servicenow import env_user
#https://intragate.ec.europa.eu/snet/wiki/index.php/System/accessing_and_managing_hashicorp_vault
#https://developer.hashicorp.com/vault/docs/auth/approle
#https://hvac.readthedocs.io/en/stable/usage/auth_methods/approle.html
#https://hvac.readthedocs.io/en/stable/usage/secrets_engines/kv_v2.html#read-secret-metadata
#curl -H "X-Vault-Namespace: EC/DIGIT_C4_SNET_ADMIN-ACC" -X POST --tlsv1.2 --data '{"password": "password"}' https://sam-hcavault.cec.eu.int/v1/auth/userpass/login/fandrem
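class Vault(object):
    """Helper for reading a password from HashiCorp Vault using AppRole login."""

    def __init__(self):
        # Session created per instance. getPasswordByAppRole does not use it;
        # that method builds its own hvac.Client.
        self.session = requests.Session()

    def getPasswordByAppRole(self, key, vault_url, namespace_used, role_id, secret_id, mount_point, engine):
        """Log in with AppRole and return the password stored under *key*.

        Args:
            key: Path of the secret inside the KV v2 mount.
            vault_url: Base URL of the Vault server.
            namespace_used: Vault namespace passed to the client.
            role_id: AppRole role identifier.
            secret_id: AppRole secret identifier (a credential; do not log it).
            mount_point: Mount point of the KV v2 secrets engine.
            engine: Accepted for interface compatibility; not used here.

        Returns:
            The password value, or None when the secret could not be read or
            does not have the expected layout. The return value is a
            credential, so callers should keep it out of logs and output.

        Raises:
            Whatever hvac raises for a failed login or read; those errors are
            not swallowed.
        """
        # verify is handed to hvac as the CA location used for TLS validation.
        client = hvac.Client(url=vault_url, namespace=namespace_used, verify="/etc/ssl/certs/")
        # Bound up front so the failure path returns None instead of raising
        # UnboundLocalError at the return statement.
        secret_data = None
        try:
            response = client.auth.approle.login(role_id=role_id, secret_id=secret_id)
            # Extract the client token from the login response.
            client.token = response['auth']['client_token']
            # TODO: Acc used KV version 1 in the past; everything is uniform on v2 now.
            # secret = client.secrets.kv.v1.read_secret(path=key, mount_point=mount_point)
            secret = client.secrets.kv.v2.read_secret_version(path=key, mount_point=mount_point)
            if secret is not None and 'data' in secret and secret['data'] is not None:
                try:
                    # NOTE(review): three nested 'data' levels means the stored secret
                    # itself holds a 'data' key wrapping 'password'. Confirm this
                    # against how the secrets are written.
                    secret_data = secret['data']['data']['data']['password']
                except (KeyError, TypeError):
                    # Unexpected layout: report as a failed retrieval without
                    # echoing any part of the secret payload.
                    secret_data = None
            if secret_data is None:
                # Only reported on failure; the original printed this on success.
                print("Failed to retrieve the secret.")
        finally:
            # Always drop the token from the client, even if login or read raised.
            # NOTE(review): hvac's logout() defaults to revoke_token=False, which only
            # clears the token locally. Consider revoke_token=True so the token does
            # not stay valid on the server until its TTL expires. First confirm the
            # role's policy permits self-revocation.
            client.logout()
        return secret_data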

# Module-level singletons created at import time: the shared Vault helper
# instance and this module's logger.
clientV = Vault()
log = logging.getLogger(__name__)